Return-Path: Delivered-To: apmail-lucene-java-user-archive@www.apache.org Received: (qmail 8146 invoked from network); 3 Apr 2007 14:33:40 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 3 Apr 2007 14:33:40 -0000 Received: (qmail 83072 invoked by uid 500); 3 Apr 2007 14:33:41 -0000 Delivered-To: apmail-lucene-java-user-archive@lucene.apache.org Received: (qmail 82577 invoked by uid 500); 3 Apr 2007 14:33:40 -0000 Mailing-List: contact java-user-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: java-user@lucene.apache.org Delivered-To: mailing list java-user@lucene.apache.org Received: (qmail 82562 invoked by uid 99); 3 Apr 2007 14:33:40 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Apr 2007 07:33:40 -0700 X-ASF-Spam-Status: No, hits=2.9 required=10.0 tests=HTML_10_20,HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of rosherd@googlemail.com designates 64.233.184.225 as permitted sender) Received: from [64.233.184.225] (HELO wr-out-0506.google.com) (64.233.184.225) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Apr 2007 07:33:30 -0700 Received: by wr-out-0506.google.com with SMTP id 68so1625802wra for ; Tue, 03 Apr 2007 07:33:09 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=googlemail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=mAaplWVOcseiWEO7FYOoLo/rFcSF0rDA6+UXq09jRJCCWsksVybcEe7kMcjeQNtojWsDkiUNOTT6eT9BrPSd+XpPYNXAzUytcNWWVuy7w9gSCuuqtWhQatH+yOQMG014WcwRo5d5kybq8GaRs/DqvUSsYtsx/LCZojQTU3zjYYs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=ebubb6ji/6ve5jlgs+MtVOatl5WtjmRLMV6+ZBSKU0msUIE/nEFwcnpI381dkpCpUVmknfIy1ErQ4tzoLGhQyPcYm+rqfkMZ1hXTWzNADJE1dTpZxnTogCX0Feq+G2h/b2+ViNX6VgyilWv00rIgu4i0gFJ3a7AIySl/qAt8Xyk= Received: by 10.114.167.2 with SMTP id p2mr2243244wae.1175610788869; Tue, 03 Apr 2007 07:33:08 -0700 (PDT) Received: by 10.115.93.12 with HTTP; Tue, 3 Apr 2007 07:33:08 -0700 (PDT) Message-ID: <1c36b0de0704030733s44aec318id2bfe58c44dbaa13@mail.gmail.com> Date: Tue, 3 Apr 2007 15:33:08 +0100 From: "Daniel Rosher" To: java-user@lucene.apache.org Subject: Re: Design Problem: Searching large set of protected documents In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_10012_4391101.1175610788834" References: <1174299031.6246.13.camel@localhost> X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_10012_4391101.1175610788834 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hi Jonathon, Since the number of users in your application is small, perhaps you could apply a pre-generated filter per user, and apply this to the search, howeve= r this won't scale well if the number of users grow. Another idea might be to have several filters,each of which detail a particular type of access rather than a filter / user. Then using the ChainedFilter chain together these filters, depending on the user, at query time. Regards, Dan On 4/3/07, Jonathan O'Connor wrote: > > Hi, > I have a database of a million documents and about 100 users. The > documents > can have an access control list, and there is a complex, recursive > algorithm to say if a particular user can see a particular document. > > My problem is that my search algorithm is to first do a standard lucene > search for matching documents, and then check security on each one found, > just returning the allowed documents. However, if I do this, and the > lucene > returns 100000 docs, but the user can only see 10 of these, then obviousl= y > the search is going to take an awful long time. > > Has anyone come across this problem before, and if so what approach did > you > take? I guess I could precalculate the permissions for every user-documen= t > pair, but that's alot of storage, and a lot of precalculation! > > I await the list's accumulated wisdom with eagerness and interest. > Thanks, > Jonathan O'Connor > XCOM Dublin > > > > *** XCOM AG Legal Disclaimer *** > > Diese E-Mail einschliesslich ihrer Anhaenge ist vertraulich und ist allei= n > f=FCr den Gebrauch durch den vorgesehenen Empfaenger bestimmt. Dritten is= t > das Lesen, Verteilen oder Weiterleiten dieser E-Mail untersagt. Wir > bitten, > eine fehlgeleitete E-Mail unverzueglich vollstaendig zu loeschen und uns > eine Nachricht zukommen zu lassen. > > This email may contain material that is confidential and for the sole use > of the intended recipient. Any review, distribution by others or > forwarding > without express permission is strictly prohibited. If you are not the > intended recipient, please contact the sender and delete all copies. > > Hauptsitz: Bahnstrasse 37, D-47877 Willich, USt-IdNr.: DE 812 885 664 > Kommunikation: Telefon +49 2154 9209-70, Telefax +49 2154 9209-900, > www.xcom.de > Handelsregister: Amtsgericht Krefeld, HRB 10340 > Vorstand: Matthias Albrecht, Renate Becker-Grope, Marco Marty, Dr. Rainer > Fuchs > Vorsitzender des Aufsichtsrates: Stephan Steuer ------=_Part_10012_4391101.1175610788834--